Maximum Protection for Personal Data

We process personal data exclusively in accordance with the GDPR and ensure the highest transparency in all processing steps.

Encryption at Every Level

TLS 1.3 for all data transmissions, AES-256 for data at rest. Encryption covers not only user data but also backups, logs and configuration data.

Need-to-Know Principle with MFA

Strict access and role management with multi-factor authentication. Access is logged server-side.

German Data Centers, Hosted by ISO 27001-Certified Providers

Exclusively hosted with ISO 27001-certified hosting providers in data centers within Germany. Highly available, scalable and fully compliant with GDPR, BAIT and DORA.

Regulatory Requirements Reliably Implemented

CrossLease aligns with the requirements of DORA, GDPR and BAIT and supports you in structurally implementing regulatory standards.

BAIT & MaRisk

ICT risk management, authorization concepts and traceable processes — aligned with the requirements of the Federal Financial Supervisory Authority (BaFin).

DORA

Digital Operational Resilience Act — with structured ICT risk management, incident response processes and outsourcing governance.

TOMs & Compliance Documentation

Technical and organizational measures (TOMs), data processing agreement (DPA) and further compliance documents — available on request.

Answers to the Most Important Questions

Exclusively in ISO 27001-certified data centers in Germany. No data transfer to third countries takes place. Sub-processors with data access are contractually and technically integrated and regularly audited.

Yes. Data transmission uses TLS 1.3, and data at rest is encrypted with AES-256. This applies to user data, backups, log data and configuration information.

Access is exclusively on a need-to-know basis, secured by multi-factor authentication. Access is logged server-side. Administrative access by CrossLease employees is subject to defined approval processes.

Defined incident response processes in accordance with GDPR, BAIT and DORA. This includes: immediate escalation, structured analysis, incident documentation and — if required — notification of supervisory authorities within regulatory deadlines.

Available on request: data processing agreement (DPA), technical and organizational measures (TOMs), processing records, sub-processor list, penetration test reports and DORA-related ICT risk reports.

Our data protection team can be reached at [email protected] or by phone through our central support line.

GDPR, BAIT, MaRisk, DORA — let's talk straight.

No marketing speak. Ask us — we'll answer concretely.

Get in touch [email protected]